General

  • Target

    970da0a6f46a8b1f81c5694d917aade36a5bd4e611e6d27834c508a251cb37e6N.exe

  • Size

    135KB

  • Sample

    241113-a1fjzsteqg

  • MD5

    7c4fd558b0c914b2680e9abef4e7aec0

  • SHA1

    60ac2b35a360dd0b056e5d9a0f1ee229ee5fdf53

  • SHA256

    970da0a6f46a8b1f81c5694d917aade36a5bd4e611e6d27834c508a251cb37e6

  • SHA512

    4b56fb8643bd83a8a2e0ac2ab715353331fdb8b58f2e15ea51e78e2057295a0af6d59dba22c6abe871f4b4b7a1605bbc9e237b8663b2a59b9e708fc9b96f6f54

  • SSDEEP

    1536:YGYU/W2/HG6QMauSV3ixJHABLrmhH7i9eNOOg00GqMIK7aGZh3SOQ:YfU/WF6QMauSuiWNi9eNOl0007NZIOQ

Targets

    • Target

      970da0a6f46a8b1f81c5694d917aade36a5bd4e611e6d27834c508a251cb37e6N.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
